MS365 Permissions by Site



New with version 4.0 is ability to scan and report on permissions and sharing within Microsoft 365. Know how the permissions are set and how files are sharing can make a large impact on how well a company’s data is protected.

This report comes in a couple of formats. First a custom paginated format and secondly a CSV based format.

NOTE: Due to schema changes in 4.1, be sure to download the appropriate version for your installation.

Suspect Permissions: An evaluation of direct user-assigned trustees in NCP.


Create a report to locate all of the directly assigned user permissions in a particular NCP scan target.

Back Story

The customer has a number of volumes where the trustees should only ever be assigned granted via groups. They need a report to locate any permissions that have been granted to the individual user object, so that it can be evaluated.


The scope of the query to limited to NCP trustees in the desired scan target. The scan_target will need to be modified to make it work based on the environment.

Current NTFS ACEs Without Inheritance


How when using the srs.current_ntfs_aces view can I report on the ACEs without inheritance?


The srs.current_ntfs_aces view includes a field called ace_flags which is a value mask.

If the bit flag with a value of 16 is present, then the ACE is inherited. Filtering out inherited ACEs is a simple matter of checking that this flag is off.

Current NCP Trustees


Create a report that will display all NCP Trustees in eDirectory.

Back Story

The customer wanted to create a catalog of the NCP trustees for reference purposes.


The scope of the query is eDirectory Tree wide, but can be limited to a particular path by adding a simple where clause.

*Starting in version 2.6.0, the "srs.active_ncp_trustees" database view has been renamed to "srs.current_ncp_trustees". While the "active" version will still with version 3.0 work it has been deprecated.